count-based systems customers and merchants have accounts at a broker or bank, and ... and underlying hardware and software systems. ⢠Anonymity is ...
The Fall and Rise of Micropayment Systems Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras University of Twente, Enschede
1 Introduction Market research companies expect that low value products such as online music and videos will become an important source of revenues for merchants in the future (Leong 2003). These revenues will mostly add up from individual payments for such products rather than from subscriptions (Ulph Jennings 2003). Content spending reports of Online Publishers Association already show that subscriptions slowly lose terrain in favour of individual content payments. The share of content subscriptions dropped from 89% in 2003 to 84.6% in 2004. Among the individual content payments, the share of micropayments increased from 7.4% in 2003 to 17.9% in 2004. Almost 50 million US-Dollars were paid with micropayment systems in 2004 (OPA 2004 and 2005). In conclusion, we expect that micropayment systems will play an important role, because they allow „pay-per-use“ of low value products. Micropayment systems are electronic payment systems that support low value money transfers at low transaction costs. Although, the credit card systems are the most popular online payment systems, they transfer only large amounts of money at rather high transaction costs. Generally, high value payments have a high risk for losing money. To lower this risk, credit card systems increase their security, which in turn results in increasing the costs per transaction. That is why credit card systems have a certain lowest payment value limit and money transfers lower than that limit are not economically feasible. For such transfers micropayment systems are used. The minimum and maximum micropayment values, however, vary with the reading audience. Micropayments are processed very fast, instantaneously and at low risks of losing money (Figure 1). In the relatively short history of micropayment systems two generations are distinguished (Böhle 2002). The first generation of micropayment systems began around 1994 1 and lasted until the end of the 1990’s. The developers of these systems primarily aimed at the introduction of the electronic form of cash (called ECash, E-Coins, digital cash or tokens) on the Internet. They focused on the genera1
Actually, work on topics closely related to micropayments had already started in the 1980’s, when D. Chaum presented his ideas on untraceable electronic cash (Chaum 1988).
2
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
tion of E-Coins or tokens, secure, anonymous and untraceable exchange of them, validation and fraud avoidance. Others developed account-based systems that transfer money from customer accounts into merchant accounts similarly to banking systems. Nevertheless, all first generation systems failed one after the other, stopped after a public trial or remained at a theoretical description level. The second generation (or current) micropayment systems emerged in 19992000. These systems are almost without exceptions account-based. In this article, we discuss the chance that the second generation systems will become more successful than their predecessors and to what extent do these systems solve or avoid problems causing the failure of the first generation systems. We show that most failure causes are avoided in the second generation, and conclude that these systems have a much better chance to be successful than their predecessors. The structure of this article is as follows. Section 2 defines the characteristics of micropayment systems. Section 3 and Section 4 present the overviews of the first and second generation systems, respectively, to indicate the differences between them. Section 5 discusses the differences and analyses the chances for the second generation micropayment systems based on the key characteristics that determine the success of micropayment systems. Section 6 presents the conclusions. Value
high
low
low
high
Risk
Fig. 1. Characteristics of micropayments
2 Characteristics of Micropayment Systems In literature several characterization models for micropayment systems are presented. These models define a number of characteristics mostly classified in different groups: user and technology related characteristics (Abrazhevich 2001) or economical and technical characteristics (Weber 1998). A list of characteristics is presented in (Kniberg 2002). In this article, we classify the characteristics in two groups: technical and non-technical characteristics.
The Fall and Rise of Micropayment Systems
3
2.1 Technical characteristics The technical characteristics describe aspects of the micropayment systems that depend on the technology and technological solutions used to build micropayment systems, so they mainly describe the internal structure and functionality of these systems. We consider the following technical characteristics: • Token-based or account-based specifies the medium of value exchange. Tokenbased systems use tokens or E-Coins, which provide buying power. In general, customers „buy“ tokens from a broker to pay the merchants. Afterwards, merchants send the received tokens to the broker that „pays“ the merchants. In account-based systems customers and merchants have accounts at a broker or bank, and customers authorize the broker to transfer money to merchant accounts. • Ease of use or convenience relates to both subscription to and usage of a system for both new and experienced users, and typically relates to the user interfaces and underlying hardware and software systems. • Anonymity is relevant only to customers. We distinguish between anonymity with respect to the merchants and the micropayment system operators (MPSOs). Merchants are never anonymous. • Scalability specifies whether a micropayment system is able to cope with increasing payment volume and user base without significant performance degradation. • Validation determines whether a payment system is able to process payments with or without online contact with a third party (e.g., broker or MPSO). Online validation means that such a party is involved for each payment. Semi-online means that a party is involved, but not for each payment. Offline validation means that payments can be made without a third party (e.g., cash payments). • Security prevents and detects attacks on a payment systems and fraud attempts, and protects sensible payment information. It is needed because attacks and attempts for misusing a payment system to commit fraud on the Internet are common (Abrazhevich 2004). Security is to a certain extent a subjective concept, and felt differently by each user. Users often interpret security as an equivalent for guarantee: customers feel secure if they receive the paid products, while merchants feel secure if they get the money for the delivered products. The main security concerns are the non-repudiation, authentication and authorization, data integrity and confidentiality (MPF 2002). • Interoperability allows users of one payment system to pay or get paid by users of another system. Standardization 2 is a strategy that should assure the interoperability and compatibility of micropayment systems. Standardization defines a set of criteria (or rules) that brings benefits to competing operators on the market without hurting competition (e.g., the standardization of the Internet Protocol and interoperability lead to the amazing growth and success of the Internet). 2
For a detailed description of standardization see the article of Joachim Geisler in this edition.
4
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
Interoperability also means the convertibility of currencies. A currency is convertible if it is also accepted by other systems. 2.2 Non-technical characteristics The non-technical characteristics are related to aspects such as the economics and usability of micropayment systems, so they are visible and perceptible for the customers and merchants (users). We consider the following non-technical characteristics: • Trust defines users’ confidence with respect to the trustworthiness of the micropayment system and its operator. Trust can be developed if users know that the MPSO is bearing most of the risks. Security techniques increase the trust users feel. Trust is considered a pre-condition for a blooming E-Commerce (Böhle 2000). • Coverage expresses the number of merchants that accept payments and the number of customers that pay through a payment system. In literature, the terms acceptability and penetration are synonyms of coverage. • Privacy relates to the protection of personal and payment information. A payment system provides privacy protection depending on the type of information. • Pre-paid or post-paid determines how customers use of a payment system. Prepaid systems require customers to transfer money to the system before they can initiate payments. Initiated payments are only processed if the account balance supports these payments. Post-paid systems authorize customers to initiate payments before they transfer money to the system, but authorization is given only after the customers presented a reliable source of money. Afterwards, they initiate payments until the account credit limit allows them. In general, customers are periodically billed by post-paid systems for their payments and the total amount of money spent was deducted from the money source. • Range of payments and multicurrency support define the minimum and maximum payment values supported by a system, and specify whether a system supports multiple currencies or not. • International reach specifies whether a system is available for international users or only for national users.
3 First Generation Micropayment Systems This section presents an overview of the first generation micropayment systems based on the characteristics defined in Section 2. Detailed information about these systems can be found in (O’Mahony 1997 and Weber 1998).
The Fall and Rise of Micropayment Systems
5
3.1 Token-based and account-based Most first generation systems were token-based. The motivation behind tokenbased systems was the overwhelming popularity of cash in the retail commerce. These systems wanted to introduce E-Cash with as many attributes of cash as possible: widespread acceptability, guaranteed payment, no transaction fees and anonymity (O’Mahony 1997). Examples of such systems are Millicent (developed by Digital Equipment Corporation, nowadays HP in 1995), ECash (developed by DigiCash in 1996), MicroMint and PayWord (developed by R. Rivest and A. Shamir in 1995–96), SubScrip (developed by Newcastle University, Australia in 1996), NetCash (developed at the University of Southern California in 1996) and iKP (developed by IBM in 1997). We also found a few account-based systems: Mondex (developed by MasterCard in 1995), CyberCoin (developed by CyberCash Inc. in 1996) and Mini-Pay (developed by A. Herzberg and IBM in 1997). 3.2 Ease of use First generation systems were very inconvenient for users, who were forced to use cumbersome interfaces and difficult wallet and E-Coin management operations. It was almost impossible to use these systems without thorough technical knowledge of technologies such as RSA encryption, digital signatures, transport protocols, host names, mint and withdraw E-Coins, etc. In some cases also special hardware was needed, e.g., Mondex required contact chip cards and special card readers or a specially adapted mobile phone. Figure 2 shows that dedicated software was required and moreover, knowledge about transport protocols was needed to use ECash.
Fig. 1. ECash wallet screen shot
Figure 3 illustrates the interface of the Millicent wallet revealing all details: two panels for wallet information, two for the vendor (i.e., merchant) and broker (i.e.,
6
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
currency issuer) policies, and finally two panels for the customer’s activity information.
Fig. 2. Millicent wallet screen shot
Figure 4 illustrates the list of coins in ECash (in German). The first column specifies the quantity, the second the value, the third the total value, and the fourth the expiration date of E-Coins. Unspent E-Coins needed to be returned back to the minting server before their expiration date and had to be replaced with new ECoins. Additionally, payments took a long time to complete. Especially, for micropayments, the time and effort required from many ECash users was too much (Drehmann 2002). Also CyberCash had a very high latency: 15–20 seconds per transaction (Weber 1998). Lack of portability was another inconvenient usage issue. Because most systems required wallet software to be installed by customers, the customers could only use the payment systems from the computer on which the wallet was installed and where the tokens were stored.
The Fall and Rise of Micropayment Systems
7
Fig. 3. List of ECash coins
3.3 Anonymity Many systems were not anonymous in any way and a few provided anonymity only with respect to merchants. Systems like Millicent, Mondex, iKP, PayWord did not provide any kind of anonymity, NetCash and MicroMint allowed customers to remain anonymous only to merchants. Only ECash provided full anonymity together with the untraceability of payments. 3.4 Scalability Especially token-based first generation systems had scalability problems. These problems originate from the fact that they had a central administration for the issued tokens or E-Coins. In general, brokers registered the issued tokens in a central database. After they were spent, the tokens were returned to the brokers for validation, which was done based on their registration. Even after validation, the brokers kept the registration of tokens until these expired. ECash, for instance, was such a payment system, in which the database that stored the registration of every spent E-Coin was a serious bottleneck and created severe scalability problems. Other systems distributed the central administration of tokens. Millicent and SubScrip, for instance, used specific tokens issued by broker and merchants, and the issuing party needed to keep the administration of the tokens. Account-based coped better with scalability, because the number of accounts to be administrated was much lower than of the issued tokens.
8
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
3.5 Validation Most first generation systems used online validation. Examples are ECash, NetCash, MagicMoney, PayMe, iKP or CyberCoin. Several systems used offline validation. In the case of PayWord, SubScrip, MicroMint, for instance, merchants validated the tokens, Mondex merchants had special hardware that validated alone the payments. Only a few systems used semi-online validation. For example, a Millicent broker was involved to process the initial macro payment and subsequent payments involved only customers and merchants, a Mini-Pay broker was involved when a certain spending limit of the customer had been reached, Polling used probabilistic intervals to validate payments. 3.6 Security First generation micropayment systems used variable security techniques. Some systems, e.g., ECash, CyberCoin and NetCash, used heavy security techniques such as RSA and/or DEC cryptographic algorithms, digital signatures and passphrases. These techniques were expensive and needed to be understood to a certain extent by both customers and merchants. Other systems, e.g., Millicent and Payword, relied on lightweight security techniques such as hash functions and passphrases and were vulnerable for attacks. Finally, there were systems, e.g., MicroMint that did not provide any protection of payments, so fraud (e.g., doublespending) was possible. Such systems were not accepted by users, even if the developers of these systems stated or proved mathematically that attacks are difficult to commit. 3.7 Interoperability Interoperability between first generation micropayment systems was never provided neither addressed. Interoperability was impossible because mainly token based systems created new currencies (e.g., E-Coins, scrip, subscrip, payword, coupons and merchant-specific tokens) and did not define exchange rules or rates. Funds represented in one or another system could hardly be converted into funds of another systems. Some systems, e.g., SubScrip, needed extensions enabling customers to withdraw their money and exchange them back to US-Dollars. Another example is Millicent, requiring customers to buy specific scrips for each merchant they wanted to pay. Yet another example is ECash, positioned as a system offering the possibility to pay anywhere on the Internet. ECash licensees, however, covered only the customers and merchants of a particular bank, so customers could pay only merchants that were affiliated to the same bank. In conclusion, each ECash licensee could be considered the operator of another proprietary payment system and interoperability between these systems was not possible (Drehmann 2002).
The Fall and Rise of Micropayment Systems
9
The World Wide Web Consortium (W3C) set up a Micropayment Markup Working Group, which developed a Micropayment Transfer Protocol (MPTP 1995) and the Common Mark-up for Micropayment per-fee-links language (Michel 1999). Neither the protocol nor the language became full standards and the activity of this working group was terminated around 1999. 3.8 Trust MPSOs of deployed systems did not manage to persuade the users that their systems are trustworthy. One reason for this is that users tend not to trust new systems without established positive reputation (Abrazhevich 2004). Additionally, these systems emerged in a period when proper legislation for customer protection, privacy and supervision from financial authorities was lacking. The NetCash software, for instance, was online available for download and deployment. Such factors further diminished the trust of users in these systems. 3.9 Coverage First generation systems had a low coverage. One of the reasons was of course that in general the acceptance and penetration of payment systems develops slowly, as was the case of credit cards (Odlyzko 2003). MPSOs underestimated the marketing efforts needed to acquire merchants and customers. Millicent did not actively approach customers and merchants, and started in 1997 its trial with only 7000 customers and 24 merchants (wired.com). Another reason was that customers expected that they could use the system for free, as is the case for paying with cash (Hille 2000). ECash, however, charged 11 US-Dollars as setup fee, 1 US-Dollar monthly fees, and transaction costs (Weber 1998). Yet another reason was that the majority of the customers was reluctant to pay and considered that everything on the Internet should be for free, as it was so far. This was a serious, but actually an unacceptable and ridiculous reason since they are used to pay for newspapers, magazines, books and CD’s in shops and kiosks (Kniberg 2002). An example of low coverage is the trial of CyberBucks (of DigiCash) in 1995, in which 30,000 customers and 50–60 merchants were registered, and four banks were issuing the CyberBucks (Weber 1998). One year later DigiCash started to license ECash to banks such as Mark Twain Bank (USA), Merita Bank (Finland), Deutsche Bank (Germany), Advance Bank (Australia) and the Swedish Post. Mark Twain Bank had just over 3000 ECash customers. DigiCash went bankrupt in 1998. Another example is CyberCoins, which was one of the systems operated by CyberCash. CyberCash had relationship with 3,000 merchants who used or planned to use its payment systems.
10
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
3.10 Privacy Little is known about privacy, because mostly technical descriptions are available about systems of this generation. In general, MPSOs promise privacy to customers to earn their trust. ECash, for instance, provided high privacy to customers, who could make payments without merchants and ECash banks being able to find out the identity of the customers. 3.11 Pre-paid and post-paid Token-based systems were pre-paid, because tokens could only be withdrawn or received if a macropayment occurred before to cover the value of the tokens. This means that the majority of the systems were pre-paid, e.g., Millicent, ECash, SubScrip, PayWord, NetCash, and MicroMint. There were also pre-paid accountbased systems like Mondex and CyberCoin. We have not found post-paid system among the first generation systems. 3.12 Range of payments and multicurrency support The range of payments varies a lot. Millicent supported payments from USD 0.001, which is very unusual because in practice products are always much more expensive. CyberCoin and CyberCash supported payments between USD 0.25 up to USD 10. CyberCent supported payments from USD 0.01. Each PayWord token was USD 0.01 worth, unless a special deal was made between customers and merchants to raise this value. The majority of systems supported US Dollars and processed payments with this currency as they were mainly available in the USA. Several token-based systems (e.g., SubScrip, PayWord, each Millicent merchant had its own currency) created their own currencies besides national currencies. None of these systems had multicurrency support although CyberCash and CyberCoin were also available outside of the USA and ECash was deployed in several countries. 3.13 International reach The large majority of these systems functioned within national borders. They were available mainly available in the USA. CyberCash and CyberCoin, however, were also available outside of the USA. Additionally, ECash systems were unable to interoperate.
The Fall and Rise of Micropayment Systems
11
4 Second Generation Micropayment Systems This overview is based on our own extensive study on the second generation micropayment systems. The studied systems were found in a research report presented to the Dutch Ministry of Economical Affairs (DMEA 2003), the payment systems repository of the Electronic Payment Systems Observatory (http://epso.jrc.es), on the EPayNews.com (i.e., payment news and resource centre) web site and in the Google directories on payment and micropayment systems. We observed that, in contrast with the first generation systems, very little information is provided regarding the technical characteristics of the systems. Instead, the information described mainly the non-technical characteristics. 4.1 Token-based and account-based We found only two token-based systems in the second generation systems: Beenz and Flooz. The large majority of the current systems is account-based. Reasons for this development are the easier administration of accounts than of tokens and no monetary value has to be transmitted over the Internet. 4.2 Ease of use A few current systems require a rather long subscription from their customers (e.g., click&buy, Way2Pay). This is due to the laws and regulations that require MPSOs to collect detailed customers information to combat fraud better. Current systems improved significantly with respect to usage convenience. In general, they require two or three simple interactions with customers to process payments. Additionally, these systems use web interfaces rather than special software. Most merchants need common web servers to receive payment confirmations. Peppercoin is an exception, requiring customers and merchants to use dedicated application software. Figure 5 depicts screen shots of three interactions, in which a Wallie customer pays a merchant (IDG Webshop) using a web interface. In the first interaction the customer (who previously selected content for 0.55 EUR) fills in her account number for authentication. In the second interaction she sees that her current account balance is 5 EUR (and will become 4.45 EUR after this payment), and confirms the payment. Finally, she receives a receipt and the payment was processed. Right away also the merchant receives a confirmation. Another advantage of the web interface is that the system is accessible from any computer connected to the Internet and the portability issue is solved. Most systems have similar interactions in proprietary interfaces.
12
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
Fig. 4. Screen shots of the Wallie payment process
4.3 Anonymity Without exceptions, current micropayment systems allow customers to remain anonymous to merchants. Only a few systems allow anonymity with respect to the payment systems and MPSOs as well. These are the physical card-based systems (e.g., paysafecard and Wallie), because customers can buy the cards that provide access to their pre-paid accounts in kiosks or from vending machines. Most systems, however, require customers to subscribe, so customers cannot remain anonymous to these systems.
The Fall and Rise of Micropayment Systems
13
4.4 Scalability The large majority of current systems is account-based. Hence, their scalability potential increased compared to the token-based systems since account-based systems can support more users as they need to manage only one account for each customer and they do not need to keep track of every issued tokens (Abrazhevich 2001). Firstgate, the operator of click&buy 3 , declared in November 2004 that click&buy has more than 3 million customers and 2500 merchants in Europe, new customers and merchants can subscribe at any moment and the system copes with scalability (Siegel 2004). Wallie’s operator declared that the payment volume reached 15.000 transactions in February 2005 and is monthly increasing with 15%, which is apparently supported by Wallie (emerce.nl). 4.5 Validation All second generation systems use online validation. A reason for this is that merchants often consider these systems more trusted and secure, because they are guaranteed the receipt of the processed payments (Weber 1998). The attempt to commit fraud by double-spending is therefore prevented. 4.6 Security The second generation systems do not use the heavy security measures required for token-based systems. Today transparent security techniques are used. Take, for instance, the authentication techniques, which in general use an E-Mail address and password combination (e.g., Way2Pay), user name and password (e.g., WebCent), an account identifier number (e.g., Micromoney, paysafecard 4 ), an account identifier and PIN code (e.g., Teletik SafePay). Merchants are transparently identified for each payment by these systems based on their account or registration number (issued by the systems as well). The majority of systems uses the de facto https-web protocol, which provides safe data transmission. This protocol requires authentication of the communicating parties, encrypts and decrypts data. Customers have no trouble using this protocol, because all browsers support https. Current systems and their MPSOs are obliged by law to generate audit information. Such information can be used to prevent non-repudiation, and trace back and verify payments in case of complaints or fraud attempts. Generally customers need to complain at the merchants if the delivered products differ from the offered. MPSOs do not get involved and refunds hardly ever occur. A reason for this is that the costs of chargebacks are huge com3
4
For a detailed description of the solution see the click&buy case study in this edition (Barthold and Seidel 2005). For a detailed description of the solution see the paysafecard case study in this edition (Müller 2005).
14
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
pared to the payment values. Firstgate is an exception, however, since it investigates the complaints of customers and tries to resolve them. 4.7 Interoperability The interoperability between current micropayment systems is not solved yet and there are still no micropayment standards. However, almost none of the current systems introduced new currencies, and the amounts of money stored by these systems can be withdrawn and exchanged into other forms of money, except in the case of physical card-based systems (e.g., Wallie, Microeuro and paysafecard). Exceptions exists, however, Beenz and Flooz created new currencies called beenz and flooz, respectively. Beenz, for instance, could only be exchanged into (bank) money by merchants at an unreasonably high rate (50%). 4.8 Trust The trust of customers and merchants increased significantly. This can be partially attributed to the definition of proper legislation by authorities such as the European Central Bank (ECB), European Commission (EC) and Federal Reserve. Although the legislation varies from country to country, laws require licenses for MPSOs and auditable systems, define obligations, liabilities, the security level of the systems, the right for privacy, etc. Such laws are, for instance, the Federal Internet Privacy Protection Act in 1997, Recommendation 489/EC in 1997, Directive 46/EC on E-Money in 2000, Uniform Money Service Act in 2000 and Electronic Fund Transfer Act in 2001. Another factor that increased trust is the partnerships or affiliations of MPSOs with banks, financial institutions, or well-established organizations with a very large customer-base. For instance, the Deutsche Telekom operates Micromoney 5 , the Rabo Bank Minitix, Visa and Mastercard are partners of PayNova, the Commerzbank A.G. and BAWAG are partners of paysafecard, Swisscom and British Telecom are involved in the operation of click&buy. 4.9 Coverage Second generation micropayment systems have a high coverage because the behaviour of customers changed. They are more used to work on the Internet and have embraced the idea to pay for content. Their willingness to pay for low value content such as database search, software downloads, archived information, economics and financial content, online banking and brokerage, consumer reports increases (VDZ 2002). 5
For a detailed description of the solution see the T-Pay-case study in this edition (Hübner and Pöschl 2005).
The Fall and Rise of Micropayment Systems
15
The number of merchants using second generation systems has increased significantly. click&buy has more than 3 million customers and 2500 merchants (Siegel 2004). paysafecard had over 2000 merchants in 2004. Bitpass registered over 1900 content merchants in January 2005. Currently, customers can use the majority of these systems for free. Exceptions are PayNova and Centipix charging for specific transactions. The merchants are those who pay for the usage. They pay transaction costs or a given percentage of the monthly turnover. Some systems also charge setup fees (e.g., click&buy). In general, merchants receive before subscribing an overview of usage costs that they will have to pay. 4.10 Privacy Nowadays, MPSOs need to protect the privacy of their customers. This protection is enforced by the legislation. The EC, for instance, issued the Directive 95/46 „on the protection of individuals (end-users) with regard to the processing of personal data and on the free movement of such data“. MPSOs always publish privacy statements that describe what kind of user and payment information MPSOs collect and for what purpose, and that state the conditions for doing business with customers and merchants. 4.11 Pre-paid and post-paid The majority of current systems is pre-paid. Examples are Minitix, Bitpass, Wallie, paysafecard, WebCent, MicroMoney and Softpay. Among the reasons for the increasing number of pre-paid systems is to limit the fraud possibilities by guaranteeing the payments to providers. It is also important to notice that post-paid systems require a (long-term) contract with consumers in which a steady money source should be provided. This fact makes it more difficult for minors, who have no such money sources, to become users of a post-paid system. Examples of postpaid systems are click&buy and Peppercoin. 4.12 Range of payments and multicurrency support The range of payments varies a lot. Examples of minimum payment values are 0.01 EUR for paysafecard, 0.10 EUR for Minitix, 0.01 USD for Bitpass, 0.25 USD for PayNova. Examples of maximum payment values are 10 EUR for Minitix, 150 EUR for Wallie, and 1,000 EUR for paysafecard. The majority of the systems support a single currency, most often the USDollar and the Euro. Only a few systems support multiple currencies (e.g., click&buy supports both the US-Dollar and the Euro, PayNova also supports Great Britain Pounds, Swedish Crowns, Danish Crowns, Norwegian Crowns, Australian Dollars, and Swiss Franks).
16
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
4.13 International reach The majority of the systems is still only available within national borders (e.g., MicroMoney, Microeuro and WebCent in Germany, Teletik Safepay, Minitix, Wallie and Way2Pay in the Netherlands), but a few are available in several countries (e.g, click&buy is available in the Western Europe and USA, paysafecard in Germany and Austria, Bitpass internationally, PayNova in Canada and USA). Because of the increasing international reach and multicurrency support, the crossborder payment potential of current systems is much higher than of their predecessors.
5 Discussion and Analysis In literature, two extensive studies present the key characteristics and factors responsible for the success of micropayment systems. In one study, interviews were conducted with merchants and MPSOs in Sweden, Japan and the USA (Kniberg 2002). In the other study, interviews were conducted and workshops organized for banks, payment system operators, IT and telecom companies, and desk research focused on Dutch and international payment initiatives (DMEA 2003). Table 1 presents these key characteristics and factors, which are then compared for the two generations in the following sub-sections. Several related characteristics and factors are discussed together. Table 1. Key characteristics and factors (Kniberg 2002) trust ease of use (convenience) coverage fixed transaction costs processing speed
(DMEA 2003) who are the system developers and MPSOs? laws and legislation influence of standardization bodies demand for micropayments ease of use (convenience) guaranteed delivery of paid products and receive of paid money trust security coverage processing speed anonymity transparent transaction costs, no extra or hidden costs
5.1 High level of trust The trust of customers and merchants in second generation systems increased significantly. MPSOs (mostly unknown companies on the market) and their systems
The Fall and Rise of Micropayment Systems
17
enjoy a high level of trust, which is owed to the definition of proper legislation by authorities and to the partnerships or affiliations of MPSOs with banks, financial institutions, etc. 5.2 Increasing coverage The value of a payment system depends on the number of users (customers and merchants), as in case of communication networks. The value of the network increases more than proportional with the number of the users (as expressed for instance by Metcalfe’s law). MPSOs needed a certain minimal number of participants that generate sufficient transaction volume (called critical mass) and through those revenues. None of the first generation systems reached that number, so MPSOs went bankrupt without profits. Second generation systems have a significantly higher coverage than the first generation systems and the coverage shows an increasing tendency. The number of merchants is rather high, which means that lots of low value products are offered and the demand for micropayment systems increases. Additionally, costs are no longer reasons for not using these systems, because customers use the large majority of them for free, and merchants receive proper information about the usage costs. The increasing coverage requires cross-border potential from current micropayment systems. Because of the increasing international reach and multicurrency support, this potential is much higher than before. 5.3 Convenient and user-friendly systems The significantly increased convenience and user-friendliness of current systems is primarily owed to the simple and easily understandable web interfaces of these systems. We note that, in the 1990s, the technology often failed to convince the social groups that it could be used without difficulties. SET (Secure Electronic Transactions), a well engineered protocol for online credit card payments developed by Visa, MasterCard and technology vendors, failed due to extremely complicated and inconvenient usage (Øygarden 2001). 5.4 Adequate level of security Micropayment systems only need lightweight security techniques because the risks are manageable due to the limited value per transaction. First generation systems used security techniques that oscillated between no security at all and heavy security techniques, so they were either exposed to attacks or too expensive and too difficult to understand for their users. Current systems use adequate authentication, identification, non-repudiation techniques, and secure communication channels, which increase the security felt
18
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
by users. Because of the audit support, customers and merchants are guaranteed that they will receive the paid products (according to their expectation) and the transferred money, respectively. Fraud attempts are not mentioned in the literature. Reasons for this could be the low payment values and that these systems did not reach yet a large coverage as credit card systems did. 5.5 High degree of anonymity Current payment systems provide customers a high degree of anonymity because they always remain anonymous to merchants and in some cases also to the MPSOs. Laws and regulation limit in some cases the anonymity. 5.6 Processing speed Compared to their predecessors, current payment systems take advantage of faster and more developed Internet and IT technologies. According to Moore’s law, the processing power of computers doubles every 18 months, and the bandwidth of communication networks increases even faster (Coffman 2002). Our own experience supports the claim of MPSOs that nowadays micropayments are processed instantly at longest within a couple of seconds. Situations such as the one mentioned for CyberCash belong to history. 5.7 Influence of standardization bodies The influence of standardization is limited. A reason for this is that many operators deployed proprietary systems and do not want to make large changes if a standard emerges (Böhle 2000). We note that, the interoperability between current micropayment systems is still not solved. Customers using one system are not able to pay merchants using another system. Current practice shows that, merchants use several payment systems to attract as many customers as possible (VDZ 2002), and customers need to be prepared to pay with any system the merchants use. As a consequence, customers and merchants are in a very unpleasant situation because they need to learn the usage of several systems, manage multiple accounts, remember multiple passwords, trust different MPSOs and so on.
The Fall and Rise of Micropayment Systems
19
6 Conclusions In this article, we identified the key characteristics of micropayment systems, and used these characteristics to compare the first and second generation systems and determine the possible success of the second generation systems. Our analysis shows that the second generation micropayment systems have a better chance for success than the first generation. In many cases the developers and operators of the new systems learned from the failures of the previous systems. In some cases, however, the same mistakes were made again, so even some second generation systems failed. Beenz, for example, operated between 1999 and 2001 and raised 89 million US-Dollars from investors, but could not win sufficient user trust and credibility, and thus failed. Its main mistake was the introduction of an unconvertible currency, which users could lose without being notified (Kniberg 2002). The failure story of Flooz is similar. Just like what happened with credit card systems, the end effect of competition will be that only a few, globally accepted micropayment systems will survive. Until then, and due to the lack of standardization results, regional payment systems will have to interoperate to facilitate world-wide micropayments.
References Abrazhevich D (2001) Classification and characteristics of electronic payment systems, Proceedings of the Second International Conference on E-Commerce and Web Technologies, Bauknecht, K. et al. eds, London, Springer Abrazhevich, D (2004) Electronic payment systems: A user-centered perspective and interaction design, PhD Thesis, Technical University of Eindhoven, Eindhoven, 2004 Böhle K, Krueger M, Herrmann C, Carat G, Maghiros I (2000) Electronic payment systems–Strategic and technical issues, Background paper Nr. 1 of the EPSO, Institute for Prospective Technological Studies, December 2000 Böhle K (2002), The innovation dynamics of internet payment systems development, Report Nr. 63, Institute for Prospective Technological Studies, April 2002 Chaum D, Fiat A, Naor M (1990) Untraceable electronic cash, Proceeding of the 8th International Cryptology Conference, Shafi Goldwasser ed., London, Springer, 1990 Coffman KG, Odlyzko A (2002) Growth of the Internet, In Optical Fiber Telecommunications IV B: Systems and Impairments, I. P. Kaminow and T. Li, eds, Academic Press, April 2002 DMEA (2003) Betalen via Nieuwe Media (Pay via new media), Research report, The Hague, Dutch Ministry of Economic Affairs, October 2003 Drehmann M, Goodhart C, Krüger M (2002) The challenges facing currency usage, Economic Policy, Volume 17, Issue 34, Blackwell Publishers, April 2002 Hille S (2000) Legal and regulatory requirements on accounting, billing and payment, Deliverable 1.4 of the GigaABP project of the Telematics Institute, Enschede, November 2000 Kniberg H (2002) What makes a micropayment solution succeed, Master thesis, Kungliga Tekniska Högskolan, Stockholm, November 2002
20
Róbert Párhonyi, Lambert J.M. Nieuwenhuis, Aiko Pras
Leong L (2003) Global Internet offers big opportunities for growth, Report of Gartner, June 2003 Michel T (1999) Common Markup for micropayment per-fee-links, W3C, August 1999 Micro Payment Transfer Protocol (MPTP) (1995) Version 0.1, W3C, November 1995 Mobile Payment Forum (MPF) (2002) Enabling secure, interoperable, and user friendly mobile systems, White paper, December 2002 Odlyzko A (2003) The case against micropayment systems, Proceedings of the 7th International Conference on Financial Cryptography, Wright, R.N. ed., Berlin, Springer O’Mahony D, Peirce M, Tewari H, Peirce MA (1997) Electronic payment systems, Norwood, Artech House Online Publishers Association (OPA) (2004) Paid content market–US market spending report, Research reports for 2003, May 2004 Online Publishers Association (OPA) (2005) Paid content market–US market spending report, Research reports for 2004, March 2005 Øygarden K (2001) Constructing security–The implementation of the SET technology in Norway, Master thesis, University of Oslo, 2001 Siegel F (2004) E-payments in Europe - a payment scheme’s perspective, Presentation at the “E-payments without frontiers” conference of the ECB, Frankfurt, November 2004 Ulph Jennings R, Favier J, Cremers I (2003) Downloads: 13% of Europe’s music market in 2007, Report of Forrester Research, May 2003 Verband Deutscher Zeitschriftenverleger (VDZ) and Sapient (2002) Paid content market in Germany, Berlin, December 2002, http://www.paidcontent.org/germarket1.ppt Weber R. (1998) Chablis–Market analysis of Digital payment systems, Technical report, TUM-I9819, Technical University of Munich, August 1998